tests pipeline run attempt
This commit is contained in:
master
90
.gitea/workflows-archived/policy-simulate.yml
Normal file
90
.gitea/workflows-archived/policy-simulate.yml
Normal file
@@ -0,0 +1,90 @@
|
||||
name: Policy Simulation
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- 'docs/policy/**'
|
||||
- 'docs/examples/policies/**'
|
||||
- 'scripts/policy/**'
|
||||
- '.gitea/workflows/policy-simulate.yml'
|
||||
push:
|
||||
branches: [ main ]
|
||||
paths:
|
||||
- 'docs/policy/**'
|
||||
- 'docs/examples/policies/**'
|
||||
- 'scripts/policy/**'
|
||||
- '.gitea/workflows/policy-simulate.yml'
|
||||
|
||||
jobs:
|
||||
policy-simulate:
|
||||
runs-on: ${{ vars.LINUX_RUNNER_LABEL || 'ubuntu-latest' }}
|
||||
env:
|
||||
DOTNET_NOLOGO: 1
|
||||
DOTNET_CLI_TELEMETRY_OPTOUT: 1
|
||||
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
|
||||
TZ: UTC
|
||||
THRESHOLD: 0
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Task Pack offline bundle fixtures
|
||||
run: python3 .gitea/scripts/test/run-fixtures-check.sh
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Setup .NET 10 RC
|
||||
uses: actions/setup-dotnet@v4
|
||||
with:
|
||||
dotnet-version: 10.0.100
|
||||
include-prerelease: true
|
||||
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@v3.4.0
|
||||
|
||||
- name: Cache NuGet packages
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
~/.nuget/packages
|
||||
.nuget/packages
|
||||
key: policy-sim-nuget-${{ runner.os }}-${{ hashFiles('**/*.csproj') }}
|
||||
|
||||
- name: Restore CLI
|
||||
run: |
|
||||
dotnet restore src/Cli/StellaOps.Cli/StellaOps.Cli.csproj --configfile nuget.config
|
||||
|
||||
- name: Generate policy signing key (ephemeral)
|
||||
run: |
|
||||
OUT_DIR=out/policy-sign/keys PREFIX=ci-policy COSIGN_PASSWORD= scripts/policy/rotate-key.sh
|
||||
|
||||
- name: Sign sample policy blob
|
||||
run: |
|
||||
export COSIGN_KEY_B64=$(base64 -w0 out/policy-sign/keys/ci-policy-cosign.key)
|
||||
COSIGN_PASSWORD= \
|
||||
.gitea/scripts/sign/sign-policy.sh --file docs/examples/policies/baseline.stella --out-dir out/policy-sign
|
||||
|
||||
- name: Attest and verify sample policy blob
|
||||
run: |
|
||||
export COSIGN_KEY_B64=$(base64 -w0 out/policy-sign/keys/ci-policy-cosign.key)
|
||||
COSIGN_PASSWORD= \
|
||||
scripts/policy/attest-verify.sh --file docs/examples/policies/baseline.stella --out-dir out/policy-sign
|
||||
|
||||
- name: Run batch policy simulation
|
||||
run: |
|
||||
scripts/policy/batch-simulate.sh
|
||||
|
||||
- name: Upload simulation artifacts
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: policy-simulation
|
||||
path: out/policy-sim
|
||||
retention-days: 7
|
||||
|
||||
- name: Upload signing artifacts
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: policy-signing
|
||||
path: out/policy-sign
|
||||
retention-days: 7
|
||||
|
||||
Reference in New Issue
Block a user